1. add lock function for every function

2. modify some function for crypto

diff --git a/components/mbedtls/include/mbedtls/aes.h b/components/mbedtls/include/mbedtls/aes.h
index a36e825a2e68a7b26aa9448e1890ccfad73a4270..f5e1600b36165756fc170870567a48bd8ed5f770 100644 (file)
--- a/components/mbedtls/include/mbedtls/aes.h
+++ b/components/mbedtls/include/mbedtls/aes.h
@@ -276,7 +276,27 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
 #endif
 
 #else  /* MBEDTLS_AES_ALT */
-#include "aes_alt.h"
+#include "port/aes_alt.h"
+
+typedef AES_CTX mbedtls_aes_context;
+
+#define mbedtls_aes_init                       aes_init
+#define mbedtls_aes_free                       aes_free
+#define mbedtls_aes_setkey_enc                 aes_setkey_enc
+#define mbedtls_aes_setkey_dec                 aes_setkey_dec
+#define mbedtls_aes_crypt_ecb          aes_crypt_ecb
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define mbedtls_aes_crypt_cbc          aes_crypt_cbc
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+#define mbedtls_aes_crypt_cfb128       aes_crypt_cfb128
+#define mbedtls_aes_crypt_cfb8                 aes_crypt_cfb8
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+#define mbedtls_aes_crypt_ctr          aes_crypt_ctr
+#endif
+#define mbedtls_aes_encrypt            aes_encrypt
+#define mbedtls_aes_decrypt                    aes_decrypt
 #endif /* MBEDTLS_AES_ALT */
 
 #ifdef __cplusplus

diff --git a/components/mbedtls/include/mbedtls/bignum.h b/components/mbedtls/include/mbedtls/bignum.h
index aa51556a5744bb7a9891b42b6722a5d8e0c0e3cc..d062a7511244fd58f96f6a950ae8038a68825cbf 100644 (file)
--- a/components/mbedtls/include/mbedtls/bignum.h
+++ b/components/mbedtls/include/mbedtls/bignum.h
@@ -100,6 +100,8 @@
 #define MBEDTLS_LN_2_DIV_LN_10_SCALE100                 332
 #define MBEDTLS_MPI_RW_BUFFER_SIZE             ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
 
+#if !defined(MBEDTLS_BIGNUM_ALT)
+
 /*
  * Define the base integer type, architecture-wise.
  *
@@ -702,6 +704,54 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
 int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
                    int (*f_rng)(void *, unsigned char *, size_t),
                    void *p_rng );
+#else /* MBEDTLS_BIGNUM_ALT */
+#include "port/bignum_alt.h"
+
+typedef mpi    mbedtls_mpi;
+
+#define mbedtls_mpi_init                               mpi_init
+#define mbedtls_mpi_free                               mpi_free
+#define mbedtls_mpi_grow                               mpi_grow
+#define mbedtls_mpi_shrink                             mpi_shrink
+#define mbedtls_mpi_copy                               mpi_copy
+#define mbedtls_mpi_swap                               mpi_swap
+#define mbedtls_mpi_safe_cond_assign   mpi_safe_cond_assign
+#define mbedtls_mpi_safe_cond_swap             mpi_safe_cond_swap
+#define mbedtls_mpi_lset                               mpi_lset
+#define mbedtls_mpi_get_bit                            mpi_get_bit
+#define mbedtls_mpi_set_bit                            mpi_set_bit
+#define mbedtls_mpi_lsb                                        mpi_lsb
+#define mbedtls_mpi_bitlen                             mpi_bitlen
+#define mbedtls_mpi_size                               mpi_size
+#define mbedtls_mpi_read_string                        mpi_read_string
+#define mbedtls_mpi_write_string               mpi_write_string
+#define mbedtls_mpi_read_binary                        mpi_read_binary
+#define mbedtls_mpi_write_binary               mpi_write_binary
+#define mbedtls_mpi_shift_l                            mpi_shift_l
+#define mbedtls_mpi_shift_r                            mpi_shift_r
+#define mbedtls_mpi_cmp_abs                            mpi_cmp_abs
+#define mbedtls_mpi_cmp_mpi                            mpi_cmp_mpi
+#define mbedtls_mpi_cmp_int                            mpi_cmp_int
+#define mbedtls_mpi_add_abs                            mpi_add_abs
+#define mbedtls_mpi_sub_abs                            mpi_sub_abs
+#define mbedtls_mpi_add_mpi                            mpi_add_mpi
+#define mbedtls_mpi_sub_mpi                            mpi_sub_mpi
+#define mbedtls_mpi_add_int                            mpi_add_int
+#define mbedtls_mpi_sub_int                            mpi_sub_int
+#define mbedtls_mpi_mul_mpi                            mpi_mul_mpi
+#define mbedtls_mpi_mul_int                            mpi_mul_int
+#define mbedtls_mpi_div_mpi                            mpi_div_mpi
+#define mbedtls_mpi_div_int                            mpi_div_int
+#define mbedtls_mpi_mod_mpi                            mpi_mod_mpi
+#define mbedtls_mpi_mod_int                            mpi_mod_int
+#define mbedtls_mpi_exp_mod                            mpi_exp_mod
+#define mbedtls_mpi_fill_random                        mpi_fill_random
+#define mbedtls_mpi_gcd                                        mpi_gcd
+#define mbedtls_mpi_inv_mod                            mpi_inv_mod
+#define mbedtls_mpi_is_prime                   mpi_is_prime 
+#define mbedtls_mpi_gen_prime                  mpi_gen_prime
+
+#endif /* MBEDTLS_BIGNUM_ALT */
 
 /**
  * \brief          Checkup routine

diff --git a/components/mbedtls/include/mbedtls/esp_config.h b/components/mbedtls/include/mbedtls/esp_config.h
index 50c3ee2af71a70cc9e0dcee8191480fa96440292..614e8018bb0f23bd500cbf9c609899bc3bd2b863 100644 (file)
--- a/components/mbedtls/include/mbedtls/esp_config.h
+++ b/components/mbedtls/include/mbedtls/esp_config.h
@@ -225,7 +225,7 @@
  * Uncomment a macro to enable alternate implementation of the corresponding
  * module.
  */
-//#define MBEDTLS_AES_ALT
+#define MBEDTLS_AES_ALT
 //#define MBEDTLS_ARC4_ALT
 //#define MBEDTLS_BLOWFISH_ALT
 //#define MBEDTLS_CAMELLIA_ALT
@@ -235,10 +235,11 @@
 //#define MBEDTLS_MD4_ALT
 //#define MBEDTLS_MD5_ALT
 //#define MBEDTLS_RIPEMD160_ALT
-//#define MBEDTLS_SHA1_ALT
-//#define MBEDTLS_SHA256_ALT
-//#define MBEDTLS_SHA512_ALT
+#define MBEDTLS_SHA1_ALT
+#define MBEDTLS_SHA256_ALT
+#define MBEDTLS_SHA512_ALT
 
+#define MBEDTLS_BIGNUM_ALT
 /**
  * \def MBEDTLS_MD2_PROCESS_ALT
  *
@@ -297,7 +298,7 @@
  *
  * Uncomment this macro to store the AES tables in ROM.
  */
-//#define MBEDTLS_AES_ROM_TABLES
+#define MBEDTLS_AES_ROM_TABLES
 
 /**
  * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
@@ -373,10 +374,10 @@
  *
  * Enable padding modes in the cipher layer.
  */
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#define MBEDTLS_CIPHER_PADDING_ZEROS
+//#define MBEDTLS_CIPHER_PADDING_PKCS7
+//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+//#define MBEDTLS_CIPHER_PADDING_ZEROS
 
 /**
  * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
@@ -414,18 +415,18 @@
  *
  * Comment macros to disable the curve and functions for it
  */
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
 
 /**
  * \def MBEDTLS_ECP_NIST_OPTIM
@@ -436,7 +437,7 @@
  *
  * Comment this macro to disable NIST curves optimisation.
  */
-#define MBEDTLS_ECP_NIST_OPTIM
+//#define MBEDTLS_ECP_NIST_OPTIM
 
 /**
  * \def MBEDTLS_ECDSA_DETERMINISTIC
@@ -450,7 +451,7 @@
  *
  * Comment this macro to disable deterministic ECDSA.
  */
-#define MBEDTLS_ECDSA_DETERMINISTIC
+//#define MBEDTLS_ECDSA_DETERMINISTIC
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
@@ -472,7 +473,7 @@
  *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
@@ -496,7 +497,7 @@
  *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@@ -516,7 +517,7 @@
  *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@@ -595,7 +596,7 @@
  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
  *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -620,7 +621,7 @@
  *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@@ -644,7 +645,7 @@
  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@@ -668,7 +669,7 @@
  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@@ -692,7 +693,7 @@
  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
@@ -945,7 +946,7 @@
  *
  * Comment this macro to disable support for Encrypt-then-MAC
  */
-#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
 
 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
  *
@@ -963,7 +964,7 @@
  *
  * Comment this macro to disable support for Extended Master Secret.
  */
-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 
 /**
  * \def MBEDTLS_SSL_FALLBACK_SCSV
@@ -980,7 +981,7 @@
  *
  * Comment this macro to disable support for FALLBACK_SCSV
  */
-#define MBEDTLS_SSL_FALLBACK_SCSV
+//#define MBEDTLS_SSL_FALLBACK_SCSV
 
 /**
  * \def MBEDTLS_SSL_HW_RECORD_ACCEL
@@ -1017,7 +1018,7 @@
  *
  * Comment this to disable support for renegotiation.
  */
-#define MBEDTLS_SSL_RENEGOTIATION
+//#define MBEDTLS_SSL_RENEGOTIATION
 
 /**
  * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@@ -1046,7 +1047,7 @@
  *
  * Comment this macro to disable support for the max_fragment_length extension
  */
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 
 /**
  * \def MBEDTLS_SSL_PROTO_SSL3
@@ -1058,7 +1059,7 @@
  *
  * Comment this macro to disable support for SSL 3.0
  */
-#define MBEDTLS_SSL_PROTO_SSL3
+//#define MBEDTLS_SSL_PROTO_SSL3
 
 /**
  * \def MBEDTLS_SSL_PROTO_TLS1
@@ -1109,7 +1110,7 @@
  *
  * Comment this macro to disable support for DTLS
  */
-#define MBEDTLS_SSL_PROTO_DTLS
+//#define MBEDTLS_SSL_PROTO_DTLS
 
 /**
  * \def MBEDTLS_SSL_ALPN
@@ -1118,7 +1119,7 @@
  *
  * Comment this macro to disable support for ALPN.
  */
-#define MBEDTLS_SSL_ALPN
+//#define MBEDTLS_SSL_ALPN
 
 /**
  * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
@@ -1133,7 +1134,7 @@
  *
  * Comment this to disable anti-replay in DTLS.
  */
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
 
 /**
  * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
@@ -1151,7 +1152,7 @@
  *
  * Comment this to disable support for HelloVerifyRequest.
  */
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
 
 /**
  * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
@@ -1167,7 +1168,7 @@
  *
  * Comment this to disable support for clients reusing the source port.
  */
-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
 
 /**
  * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
@@ -1178,7 +1179,7 @@
  *
  * Requires: MBEDTLS_SSL_PROTO_DTLS
  */
-#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
 
 /**
  * \def MBEDTLS_SSL_SESSION_TICKETS
@@ -1192,7 +1193,7 @@
  *
  * Comment this macro to disable support for SSL session tickets
  */
-#define MBEDTLS_SSL_SESSION_TICKETS
+//#define MBEDTLS_SSL_SESSION_TICKETS
 
 /**
  * \def MBEDTLS_SSL_EXPORT_KEYS
@@ -1202,7 +1203,7 @@
  *
  * Comment this macro to disable support for key export
  */
-#define MBEDTLS_SSL_EXPORT_KEYS
+//#define MBEDTLS_SSL_EXPORT_KEYS
 
 /**
  * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
@@ -1222,7 +1223,7 @@
  *
  * Comment this macro to disable support for truncated HMAC in SSL
  */
-#define MBEDTLS_SSL_TRUNCATED_HMAC
+//#define MBEDTLS_SSL_TRUNCATED_HMAC
 
 /**
  * \def MBEDTLS_THREADING_ALT
@@ -1257,7 +1258,7 @@
  *
  * Comment this to disable run-time checking and save ROM space
  */
-#define MBEDTLS_VERSION_FEATURES
+//#define MBEDTLS_VERSION_FEATURES
 
 /**
  * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
@@ -1293,7 +1294,7 @@
  *
  * Comment to skip keyUsage checking for both CA and leaf certificates.
  */
-#define MBEDTLS_X509_CHECK_KEY_USAGE
+//#define MBEDTLS_X509_CHECK_KEY_USAGE
 
 /**
  * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
@@ -1306,7 +1307,7 @@
  *
  * Comment to skip extendedKeyUsage checking for certificates.
  */
-#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
 
 /**
  * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
@@ -1316,7 +1317,7 @@
  *
  * Comment this macro to disallow using RSASSA-PSS in certificates.
  */
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
 
 /**
  * \def MBEDTLS_ZLIB_SUPPORT
@@ -1458,7 +1459,7 @@
  *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
  *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
  */
-#define MBEDTLS_ARC4_C
+//#define MBEDTLS_ARC4_C
 
 /**
  * \def MBEDTLS_ASN1_PARSE_C
@@ -1523,7 +1524,7 @@
  *
  * Module:  library/blowfish.c
  */
-#define MBEDTLS_BLOWFISH_C
+//#define MBEDTLS_BLOWFISH_C
 
 /**
  * \def MBEDTLS_CAMELLIA_C
@@ -1578,7 +1579,7 @@
  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
  */
-#define MBEDTLS_CAMELLIA_C
+//#define MBEDTLS_CAMELLIA_C
 
 /**
  * \def MBEDTLS_CCM_C
@@ -1592,7 +1593,7 @@
  * This module enables the AES-CCM ciphersuites, if other requisites are
  * enabled as well.
  */
-#define MBEDTLS_CCM_C
+//#define MBEDTLS_CCM_C
 
 /**
  * \def MBEDTLS_CERTS_C
@@ -1604,7 +1605,7 @@
  *
  * This module is used for testing (ssl_client/server).
  */
-#define MBEDTLS_CERTS_C
+//#define MBEDTLS_CERTS_C
 
 /**
  * \def MBEDTLS_CIPHER_C
@@ -1644,7 +1645,7 @@
  *
  * This module provides debugging functions.
  */
-#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_DEBUG_C
 
 /**
  * \def MBEDTLS_DES_C
@@ -1670,7 +1671,7 @@
  *
  * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
  */
-#define MBEDTLS_DES_C
+//#define MBEDTLS_DES_C
 
 /**
  * \def MBEDTLS_DHM_C
@@ -1684,7 +1685,7 @@
  * This module is used by the following key exchanges:
  *      DHE-RSA, DHE-PSK
  */
-#define MBEDTLS_DHM_C
+//#define MBEDTLS_DHM_C
 
 /**
  * \def MBEDTLS_ECDH_C
@@ -1700,7 +1701,7 @@
  *
  * Requires: MBEDTLS_ECP_C
  */
-#define MBEDTLS_ECDH_C
+//#define MBEDTLS_ECDH_C
 
 /**
  * \def MBEDTLS_ECDSA_C
@@ -1715,7 +1716,7 @@
  *
  * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
  */
-#define MBEDTLS_ECDSA_C
+//#define MBEDTLS_ECDSA_C
 
 /**
  * \def MBEDTLS_ECJPAKE_C
@@ -1748,7 +1749,7 @@
  *
  * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
  */
-#define MBEDTLS_ECP_C
+//#define MBEDTLS_ECP_C
 
 /**
  * \def MBEDTLS_ENTROPY_C
@@ -1774,7 +1775,7 @@
  *
  * This module enables mbedtls_strerror().
  */
-#define MBEDTLS_ERROR_C
+//#define MBEDTLS_ERROR_C
 
 /**
  * \def MBEDTLS_GCM_C
@@ -1788,7 +1789,7 @@
  * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
  * requisites are enabled as well.
  */
-#define MBEDTLS_GCM_C
+//#define MBEDTLS_GCM_C        //764 Byte
 
 /**
  * \def MBEDTLS_HAVEGE_C
@@ -1825,7 +1826,7 @@
  *
  * Uncomment to enable the HMAC_DRBG random number geerator.
  */
-#define MBEDTLS_HMAC_DRBG_C
+//#define MBEDTLS_HMAC_DRBG_C
 
 /**
  * \def MBEDTLS_MD_C
@@ -1940,7 +1941,7 @@
  *
  * This modules adds support for the VIA PadLock on x86.
  */
-#define MBEDTLS_PADLOCK_C
+//#define MBEDTLS_PADLOCK_C
 
 /**
  * \def MBEDTLS_PEM_PARSE_C
@@ -2032,7 +2033,7 @@
  *
  * This module adds support for the PKCS#5 functions.
  */
-#define MBEDTLS_PKCS5_C
+//#define MBEDTLS_PKCS5_C
 
 /**
  * \def MBEDTLS_PKCS11_C
@@ -2063,7 +2064,7 @@
  *
  * This module enables PKCS#12 functions.
  */
-#define MBEDTLS_PKCS12_C
+//#define MBEDTLS_PKCS12_C
 
 /**
  * \def MBEDTLS_PLATFORM_C
@@ -2083,7 +2084,7 @@
  *
  * This module enables abstraction of common (libc) functions.
  */
-#define MBEDTLS_PLATFORM_C
+//#define MBEDTLS_PLATFORM_C
 
 /**
  * \def MBEDTLS_RIPEMD160_C
@@ -2094,7 +2095,7 @@
  * Caller:  library/mbedtls_md.c
  *
  */
-#define MBEDTLS_RIPEMD160_C
+//#define MBEDTLS_RIPEMD160_C
 
 /**
  * \def MBEDTLS_RSA_C
@@ -2172,7 +2173,7 @@
  *
  * Requires: MBEDTLS_SSL_CACHE_C
  */
-#define MBEDTLS_SSL_CACHE_C
+//#define MBEDTLS_SSL_CACHE_C
 
 /**
  * \def MBEDTLS_SSL_COOKIE_C
@@ -2182,7 +2183,7 @@
  * Module:  library/ssl_cookie.c
  * Caller:
  */
-#define MBEDTLS_SSL_COOKIE_C
+//#define MBEDTLS_SSL_COOKIE_C
 
 /**
  * \def MBEDTLS_SSL_TICKET_C
@@ -2194,7 +2195,7 @@
  *
  * Requires: MBEDTLS_CIPHER_C
  */
-#define MBEDTLS_SSL_TICKET_C
+//#define MBEDTLS_SSL_TICKET_C
 
 /**
  * \def MBEDTLS_SSL_CLI_C
@@ -2465,7 +2466,8 @@
 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
 
 /* SSL options */
-//#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
+extern unsigned int max_content_len;
+#define MBEDTLS_SSL_MAX_CONTENT_LEN             max_content_len /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
 //#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
 //#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */

diff --git a/components/mbedtls/include/mbedtls/sha1.h b/components/mbedtls/include/mbedtls/sha1.h
index 7a67c6c1fb129eb016743fa93e5de24e2be1676b..2d85a59f78decb1f8cc342e06039f6421e4eed02 100644 (file)
--- a/components/mbedtls/include/mbedtls/sha1.h
+++ b/components/mbedtls/include/mbedtls/sha1.h
@@ -106,7 +106,17 @@ void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[6
 #endif
 
 #else  /* MBEDTLS_SHA1_ALT */
-#include "sha1_alt.h"
+#include "port/sha1_alt.h"
+
+typedef SHA1_CTX mbedtls_sha1_context;
+
+#define mbedtls_sha1_init   sha1_init
+#define mbedtls_sha1_starts sha1_starts
+#define mbedtls_sha1_clone  sha1_clone
+#define mbedtls_sha1_update sha1_update
+#define mbedtls_sha1_finish sha1_finish
+#define mbedtls_sha1_free   sha1_free
+#define mbedtls_sha1_process sha1_process
 #endif /* MBEDTLS_SHA1_ALT */
 
 #ifdef __cplusplus

diff --git a/components/mbedtls/include/mbedtls/sha256.h b/components/mbedtls/include/mbedtls/sha256.h
index f8041adf08232a9f3432b31e51896eefe37772cc..4ab444e8d1f61d87ca4451a30463e7b2323fb1a6 100644 (file)
--- a/components/mbedtls/include/mbedtls/sha256.h
+++ b/components/mbedtls/include/mbedtls/sha256.h
@@ -109,7 +109,17 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char da
 #endif
 
 #else  /* MBEDTLS_SHA256_ALT */
-#include "sha256_alt.h"
+#include "port/sha256_alt.h"
+
+typedef SHA256_CTX mbedtls_sha256_context;
+
+#define mbedtls_sha256_init   sha256_init
+#define mbedtls_sha256_clone  sha256_clone
+#define mbedtls_sha256_starts sha256_starts
+#define mbedtls_sha256_update sha256_update
+#define mbedtls_sha256_finish sha256_finish
+#define mbedtls_sha256_free   sha256_free
+#define mbedtls_sha256_process sha256_process
 #endif /* MBEDTLS_SHA256_ALT */
 
 #ifdef __cplusplus

diff --git a/components/mbedtls/include/mbedtls/sha512.h b/components/mbedtls/include/mbedtls/sha512.h
index 627694f425f5b6782efcfac7175abbfe7a7f8dfa..0ebc092f43a7c2c69141d236529eb5b1d7ad531a 100644 (file)
--- a/components/mbedtls/include/mbedtls/sha512.h
+++ b/components/mbedtls/include/mbedtls/sha512.h
@@ -106,7 +106,17 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64
 #endif
 
 #else  /* MBEDTLS_SHA512_ALT */
-#include "sha512_alt.h"
+#include "port/sha512_alt.h"
+
+typedef SHA512_CTX     mbedtls_sha512_context;
+
+#define mbedtls_sha512_init   sha512_init
+#define mbedtls_sha512_clone  sha512_clone
+#define mbedtls_sha512_starts sha512_starts
+#define mbedtls_sha512_update sha512_update
+#define mbedtls_sha512_finish sha512_finish
+#define mbedtls_sha512_free   sha512_free
+
 #endif /* MBEDTLS_SHA512_ALT */
 
 #ifdef __cplusplus

diff --git a/components/mbedtls/include/port/aes_alt.h b/components/mbedtls/include/port/aes_alt.h
index d56c76ce47c99ea68b0749d119183ede6ab0004c..a02f32f299a48257a0a13f55b650ae2e130d7c4e 100644 (file)
--- a/components/mbedtls/include/port/aes_alt.h
+++ b/components/mbedtls/include/port/aes_alt.h
@@ -41,6 +41,12 @@ extern "C" {
 #define ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
 #define ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
 
+typedef struct{
+       bool  flag;
+       uint16 keybites;
+    uint8 key[32];
+}key_context, KEY_CTX;
+
 /**
  * \brief          AES context structure
  *
@@ -53,7 +59,8 @@ typedef struct
 {
     int nr;                     /*!<  number of rounds  */
     uint32_t *rk;               /*!<  AES round keys    */
-    uint32_t buf[68];           /*!<  unaligned data    */
+       KEY_CTX enc;
+       KEY_CTX dec;    
 }aes_context;
 
 typedef aes_context    AES_CTX;

diff --git a/components/mbedtls/include/port/multi_thread.h b/components/mbedtls/include/port/multi_thread.h
new file mode 100644 (file)
index 0000000..6732eed
--- /dev/null
+++ b/components/mbedtls/include/port/multi_thread.h
@@ -0,0 +1,63 @@
+#ifndef _MULTI_THREAD_H_
+#define _MULTI_THREAD_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum {
+       AES_MUTEX = 0,
+       BIGNUM_MUTEX,
+       SHA_MUTEX,
+
+       MUTEX_MAX_NUM,
+};
+
+int multi_thread_init(void);
+
+void multi_thread_lock(unsigned int num);
+void multi_thread_unlock(unsigned int num);
+
+void multi_thread_take(unsigned int num);
+void multi_thread_give(unsigned int num);
+bool multi_thread_is_used(num);
+
+#define MUTEX_LOCK(num) multi_thread_lock(num)
+#define MUTEX_UNLOCK(num) multi_thread_unlock(num)
+
+#define SIG_TAKE(num) multi_thread_take(num)
+#define SIG_GIVE(num) multi_thread_give(num)
+#define SIG_IS_USED(num) multi_thread_is_used(num)
+
+#define AES_LOCK() MUTEX_LOCK(AES_MUTEX)
+#define AES_UNLOCK() MUTEX_UNLOCK(AES_MUTEX)
+#define BIGNUM_LOCK() MUTEX_LOCK(BIGNUM_MUTEX)
+#define BIGNUM_UNLOCK() MUTEX_UNLOCK(BIGNUM_MUTEX)
+#define SHA1_LOCK() MUTEX_LOCK(SHA_MUTEX)
+#define SHA1_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX)
+#define SHA256_LOCK() MUTEX_LOCK(SHA_MUTEX)
+#define SHA256_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX)
+#define SHA512_LOCK() MUTEX_LOCK(SHA_MUTEX)
+#define SHA512_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX)
+
+#define AES_TAKE() SIG_TAKE(AES_MUTEX)
+#define AES_GIVE() SIG_GIVE(AES_MUTEX)
+#define AES_IS_USED() SIG_IS_USED(AES_MUTEX)
+#define BIGNUM_TAKE() SIG_TAKE(BIGNUM_MUTEX)
+#define BIGNUM_GIVE() SIG_GIVE(BIGNUM_MUTEX)
+#define BIGNUM_IS_USED() SIG_IS_USED(BIGNUM_MUTEX)
+#define SHA1_TAKE() SIG_TAKE(SHA_MUTEX)
+#define SHA1_GIVE() SIG_GIVE(SHA_MUTEX)
+#define SHA1_IS_USED() SIG_IS_USED(SHA_MUTEX)
+#define SHA256_TAKE() SIG_TAKE(SHA_MUTEX)
+#define SHA256_GIVE() SIG_GIVE(SHA_MUTEX)
+#define SHA256_IS_USED() SIG_IS_USED(SHA_MUTEX)
+#define SHA512_TAKE() SIG_TAKE(SHA_MUTEX)
+#define SHA512_GIVE() SIG_GIVE(SHA_MUTEX)
+#define SHA512_IS_USED() SIG_IS_USED(SHA_MUTEX)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* multi_thread.h */

diff --git a/components/mbedtls/library/bignum.c b/components/mbedtls/library/bignum.c
index 4c99e04d6fc6c84f1e8e0e67fff557668f3e846a..e438fdddbf0d54cae5dea8cced8855771fa9ae1a 100644 (file)
--- a/components/mbedtls/library/bignum.c
+++ b/components/mbedtls/library/bignum.c
@@ -58,6 +58,8 @@
 #define mbedtls_free       free
 #endif
 
+#if !defined(MBEDTLS_BIGNUM_ALT)
+
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
     volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
@@ -2264,6 +2266,7 @@ cleanup:
 }
 
 #endif /* MBEDTLS_GENPRIME */
+#endif /* MBEDTLS_BIGNUM_ALT */
 
 #if defined(MBEDTLS_SELF_TEST)
 

diff --git a/components/mbedtls/port/aes_alt.c b/components/mbedtls/port/aes_alt.c
index 26699d82fbb2b6f7ba68acc7d84f92bb0c9a839a..504a2a7db8600389d48725aed61b1585da23b0a6 100644 (file)
--- a/components/mbedtls/port/aes_alt.c
+++ b/components/mbedtls/port/aes_alt.c
@@ -30,6 +30,7 @@
 #if defined(ESP_AES_C)
 
 #include <string.h>
+#include "multi_thread.h"
 
 /* Implementation that should never be optimized out by the compiler */
 static void aes_zeroize( void *v, size_t n ) {
@@ -39,7 +40,11 @@ static void aes_zeroize( void *v, size_t n ) {
 void aes_init( AES_CTX *ctx )
 {
     memset( ctx, 0, sizeof( AES_CTX ) );
+
+    AES_LOCK();
+    AES_TAKE();
        ets_aes_enable();
+       AES_UNLOCK();
 }
 
 void aes_free( AES_CTX *ctx )
@@ -48,7 +53,12 @@ void aes_free( AES_CTX *ctx )
         return;
 
     aes_zeroize( ctx, sizeof( AES_CTX ) );
-       ets_aes_disable();
+
+    AES_LOCK();
+    AES_GIVE();
+    if (false == AES_IS_USED())
+           ets_aes_disable();
+       AES_UNLOCK();
 }
 
 /*
@@ -58,6 +68,7 @@ int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,
                     unsigned int keybits )
 {
        enum AES_BITS   keybit;
+       uint16 keybyte = keybits / 8;
        switch (keybits){
                case 128:
                        keybit = AES128;
@@ -70,6 +81,12 @@ int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,
                        break;
                default : return( ERR_AES_INVALID_KEY_LENGTH );
        }
+       if (ctx->enc.flag == false){
+               ctx->enc.flag = true;
+               ctx->enc.keybites = keybits;
+               memset(ctx->enc.key, 0, sizeof(ctx->enc.key));
+               memcpy(ctx->enc.key, key, keybyte);
+       }
        ets_aes_setkey_enc(key, keybit);
        return 0;
 }
@@ -81,6 +98,7 @@ int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,
                     unsigned int keybits )
 {
        enum AES_BITS   keybit;
+       uint16 keybyte = keybits / 8;
        switch (keybits){
                case 128:
                        keybit = AES128;
@@ -93,11 +111,32 @@ int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,
                        break;
                default : return( ERR_AES_INVALID_KEY_LENGTH );
        }
+       if (ctx->dec.flag == false){
+               ctx->dec.flag = true;
+               ctx->dec.keybites = keybits;
+               memset(ctx->dec.key, 0, sizeof(ctx->dec.key));
+               memcpy(ctx->dec.key, key, keybyte);
+       }
        ets_aes_setkey_dec(key, keybit);
        return 0;
 
 }
 
+static void aes_process_enable(AES_CTX *ctx, int mode)
+{
+       if( mode == AES_ENCRYPT ){
+               aes_setkey_enc(ctx, ctx->enc.key, ctx->enc.keybites);
+       }else{
+               aes_setkey_dec(ctx, ctx->dec.key, ctx->dec.keybites);
+       }
+       return;
+}
+
+static void aes_process_disable(AES_CTX *ctx, int mode)
+{
+       
+}
+
 /*
  * AES-ECB block encryption
  */
@@ -155,7 +194,10 @@ int aes_crypt_cbc( AES_CTX *ctx,
 
     if( length % 16 )
         return( ERR_AES_INVALID_INPUT_LENGTH );
-       
+
+    AES_LOCK();
+
+       aes_process_enable(ctx, mode);
        if( mode == AES_DECRYPT )
     {
         while( length > 0 )
@@ -188,6 +230,10 @@ int aes_crypt_cbc( AES_CTX *ctx,
             length -= 16;
         }
     }
+       aes_process_disable(ctx, mode);
+
+       AES_UNLOCK();
+
        return 0;
 }
 
@@ -204,7 +250,10 @@ int aes_crypt_cfb128( AES_CTX *ctx,
 {
        int c;
        size_t n = *iv_off;
-       
+
+       AES_LOCK();
+
+       aes_process_enable(ctx, mode);
        if( mode == AES_DECRYPT )
        {
                while( length-- )
@@ -233,6 +282,9 @@ int aes_crypt_cfb128( AES_CTX *ctx,
        }
        
        *iv_off = n;
+       aes_process_disable(ctx, mode);
+
+       AES_UNLOCK();
 
        return 0;
 }
@@ -249,7 +301,10 @@ int aes_crypt_cfb8( AES_CTX *ctx,
 {
        unsigned char c;
        unsigned char ov[17];
-       
+
+       AES_LOCK();
+
+       aes_process_enable(ctx, mode);
        while( length-- )
        {
                memcpy( ov, iv, 16 );
@@ -265,6 +320,9 @@ int aes_crypt_cfb8( AES_CTX *ctx,
        
                memcpy( iv, ov + 1, 16 );
        }
+       aes_process_disable(ctx, mode);
+       
+       AES_UNLOCK();
 
        return 0;
 }
@@ -283,6 +341,10 @@ int aes_crypt_ctr( AES_CTX *ctx,
        int c, i;
     size_t n = *nc_off;
 
+    AES_LOCK();
+
+       aes_process_enable(ctx, AES_ENCRYPT);
+
     while( length-- )
     {
         if( n == 0 ) {
@@ -299,6 +361,10 @@ int aes_crypt_ctr( AES_CTX *ctx,
     }
 
     *nc_off = n;
+       aes_process_disable(ctx, AES_ENCRYPT);
+
+       AES_UNLOCK();
+
        return 0;
 }
 

diff --git a/components/mbedtls/port/bignum_alt.c b/components/mbedtls/port/bignum_alt.c
index 88901671c89c8d0addb6385043bceb071461603f..2da6e716930167cacf6f9bc59ff5af247a2a3f67 100644 (file)
--- a/components/mbedtls/port/bignum_alt.c
+++ b/components/mbedtls/port/bignum_alt.c
@@ -38,6 +38,7 @@
 #if defined(ESP_BIGNUM_ALT)
 #include <string.h>
 #include <stdlib.h>
+#include "multi_thread.h"
 
 /* Implementation that should never be optimized out by the compiler */
 static void mpi_zeroize( void *v, size_t n ) {
@@ -68,7 +69,10 @@ void mpi_init( mpi *X )
     X->s = 1;
     X->n = 0;
     X->p = NULL;
+    BIGNUM_LOCK();
+    BIGNUM_TAKE();
        ets_bigint_enable();
+       BIGNUM_UNLOCK();
 }
 
 /*
@@ -88,7 +92,11 @@ void mpi_free( mpi *X )
     X->s = 1;
     X->n = 0;
     X->p = NULL;
-       ets_bigint_disable();
+    BIGNUM_LOCK();
+    BIGNUM_GIVE();
+    if (false == BIGNUM_IS_USED())
+           ets_bigint_disable();
+       BIGNUM_UNLOCK();
 }
 
 /*
@@ -1035,12 +1043,14 @@ int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B )
 //    for( i++; j > 0; j-- )
     mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] );
 
+    BIGNUM_LOCK();
        if (ets_bigint_mult_prepare(A->p, B->p, n)){
                ets_bigint_wait_finish();
                ets_bigint_mult_getz(X->p, n);
        } else{
                mpi_printf("Baseline multiplication failed\n");
        }
+       BIGNUM_UNLOCK();
 
     X->s = A->s * B->s;
 
@@ -1406,6 +1416,7 @@ static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, mpi_uint mm,
     n = N->n;
     m = ( B->n < n ) ? B->n : n;
 
+    BIGNUM_LOCK();
        if (ets_bigint_montgomery_mult_prepare(N->p, B->p, d, m, n, false)) {
         ets_bigint_wait_finish();
 
@@ -1413,6 +1424,7 @@ static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, mpi_uint mm,
     } else{
                mpi_printf("Montgomery multiplication failed\n");
        }
+       BIGNUM_UNLOCK();
 
 }
 

diff --git a/components/mbedtls/port/multi_thread.c b/components/mbedtls/port/multi_thread.c
new file mode 100644 (file)
index 0000000..31cf1ea
--- /dev/null
+++ b/components/mbedtls/port/multi_thread.c
@@ -0,0 +1,53 @@
+#include "multi_thread.h"
+#include "freertos/FreeRTOS.h"
+#include "freertos/semphr.h"
+
+static xSemaphoreHandle multi_thread_mutex[MUTEX_MAX_NUM];
+static int multi_thread_sig[MUTEX_MAX_NUM];
+
+int multi_thread_init(void)
+{
+       int i;
+
+       for (i = 0; i < MUTEX_MAX_NUM; i++) {
+               multi_thread_mutex[i] = xSemaphoreCreateMutex();
+               if (!multi_thread_mutex[i]) {
+                       goto failed1;
+               }
+               multi_thread_sig[i] = 0;
+       }
+
+       return 0;
+
+failed1:
+       for (i--; i >= 0; i--)
+               vQueueDelete(multi_thread_mutex[i]);
+
+       return -1;
+}
+
+void multi_thread_lock(unsigned int num)
+{
+       xSemaphoreTake(multi_thread_mutex[num], portMAX_DELAY);
+}
+
+void multi_thread_unlock(unsigned int num)
+{
+       xSemaphoreGive(multi_thread_mutex[num]);
+}
+
+void multi_thread_take(unsigned int num)
+{
+       multi_thread_sig[num]++;
+}
+
+void multi_thread_give(unsigned int num)
+{
+       multi_thread_sig[num]--;
+}
+
+bool multi_thread_is_used(num)
+{
+       return (multi_thread_sig[num] != 0) ? true : false;
+}
+

diff --git a/components/mbedtls/port/sha1_alt.c b/components/mbedtls/port/sha1_alt.c
index 32a970704caeb0350e4a32906ddd31501cc1a15e..b73d03ffa50725bd8e6087b23f99a7ecd25da253 100644 (file)
--- a/components/mbedtls/port/sha1_alt.c
+++ b/components/mbedtls/port/sha1_alt.c
@@ -27,6 +27,7 @@
 
 #if defined(ESP_SHA1_C)
 #include <string.h>
+#include "multi_thread.h"
 
 /* Implementation that should never be optimized out by the compiler */
 static void sha1_zeroize( void *v, size_t n ) {
@@ -36,7 +37,11 @@ static void sha1_zeroize( void *v, size_t n ) {
 void sha1_init( SHA1_CTX *ctx )
 {
     memset( ctx, 0, sizeof( SHA1_CTX ) );
+
+    SHA1_LOCK();
+    SHA1_TAKE();
        ets_sha_enable();       
+       SHA1_UNLOCK();
 }
 
 void sha1_free( SHA1_CTX *ctx )
@@ -45,7 +50,12 @@ void sha1_free( SHA1_CTX *ctx )
         return;
 
     sha1_zeroize( ctx, sizeof( SHA1_CTX ) );
-       ets_sha_disable();
+
+    SHA1_LOCK();
+    SHA1_GIVE();
+    if (false == SHA1_IS_USED())
+           ets_sha_disable();
+       SHA1_UNLOCK();
 }
 
 void sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src )
@@ -63,7 +73,10 @@ void sha1_process(SHA1_CTX *ctx, const unsigned char data[64])
  */
 void sha1_starts( SHA1_CTX *ctx )
 {
+       SHA1_LOCK();
        ets_sha_init(&ctx->context);
+       SHA1_UNLOCK();
+
        ctx->context_type = SHA1;
 }
 
@@ -72,6 +85,7 @@ void sha1_starts( SHA1_CTX *ctx )
  */
 void sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen )
 {
+       SHA1_LOCK();
        ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8);
 }
 
@@ -81,6 +95,7 @@ void sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen )
 void sha1_finish( SHA1_CTX *ctx, unsigned char output[20] )
 {
        ets_sha_finish(&ctx->context, ctx->context_type, output);
+       SHA1_UNLOCK();
 }
 
 /*

diff --git a/components/mbedtls/port/sha256_alt.c b/components/mbedtls/port/sha256_alt.c
index 781cfa7a119178012e6a5a7b7cd119e0cb655b47..fc8769d1ba5989efc9cc4bb86877d38c65d710da 100644 (file)
--- a/components/mbedtls/port/sha256_alt.c
+++ b/components/mbedtls/port/sha256_alt.c
@@ -27,6 +27,7 @@
 
 #if defined(ESP_SHA256_C)
 #include <string.h>
+#include "multi_thread.h"
 
 /* Implementation that should never be optimized out by the compiler */
 static void sha256_zeroize( void *v, size_t n ) {
@@ -36,7 +37,11 @@ static void sha256_zeroize( void *v, size_t n ) {
 void sha256_init( SHA256_CTX *ctx )
 {
     memset( ctx, 0, sizeof( SHA256_CTX ) );
+
+    SHA256_LOCK();
+    SHA256_TAKE();
        ets_sha_enable();
+       SHA256_UNLOCK();
 }
 
 void sha256_process(SHA256_CTX *ctx, const unsigned char data[64])
@@ -50,7 +55,12 @@ void sha256_free( SHA256_CTX *ctx )
         return;
 
     sha256_zeroize( ctx, sizeof( SHA256_CTX ) );
-       ets_sha_disable();
+
+    SHA256_LOCK();
+    SHA256_GIVE();
+    if (false == SHA256_IS_USED())
+           ets_sha_disable();
+       SHA256_UNLOCK();
 }
 
 void sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src )
@@ -63,7 +73,10 @@ void sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src )
  */
 void sha256_starts( SHA256_CTX *ctx, int is224 )
 {
+       SHA256_LOCK();
     ets_sha_init(&ctx->context);
+    SHA256_UNLOCK();
+
        if( is224 == 0 )
     {
         /* SHA-256 */
@@ -79,6 +92,7 @@ void sha256_starts( SHA256_CTX *ctx, int is224 )
  */
 void sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen )
 {
+       SHA256_LOCK();
        ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8);
 }
 
@@ -88,6 +102,7 @@ void sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen )
 void sha256_finish( SHA256_CTX *ctx, unsigned char output[32] )
 {
        ets_sha_finish(&ctx->context, ctx->context_type, output);
+       SHA256_UNLOCK();
 }
 
 /*

diff --git a/components/mbedtls/port/sha512_alt.c b/components/mbedtls/port/sha512_alt.c
index 9884dd8d1e8d884d860e9688a60a8a3bcdaae1bd..02d315681e52bf84e41930e5f7444e21c5b4348f 100644 (file)
--- a/components/mbedtls/port/sha512_alt.c
+++ b/components/mbedtls/port/sha512_alt.c
@@ -26,6 +26,7 @@
 
 #if defined(ESP_SHA512_C)
 #include <string.h>
+#include "multi_thread.h"
 
 /* Implementation that should never be optimized out by the compiler */
 static void sha512_zeroize( void *v, size_t n ) {
@@ -35,7 +36,11 @@ static void sha512_zeroize( void *v, size_t n ) {
 void sha512_init( SHA512_CTX *ctx )
 {
     memset( ctx, 0, sizeof( SHA512_CTX ) );
+
+    SHA512_LOCK();
+    SHA512_TAKE();
        ets_sha_enable();
+       SHA512_UNLOCK();
 }
 
 void sha512_free( SHA512_CTX *ctx )
@@ -44,7 +49,12 @@ void sha512_free( SHA512_CTX *ctx )
         return;
 
     sha512_zeroize( ctx, sizeof( SHA512_CTX ) );
-       ets_sha_disable();
+
+    SHA512_LOCK();
+    SHA512_GIVE();
+    if (false == SHA512_IS_USED())
+           ets_sha_disable();
+       SHA512_UNLOCK();
 }
 
 void sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src )
@@ -57,7 +67,9 @@ void sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src )
  */
 void sha512_starts( SHA512_CTX *ctx, int is384 )
 {
+       SHA512_LOCK();
        ets_sha_init(&ctx->context);
+       SHA512_UNLOCK();
     if( is384 == 0 )
     {
         /* SHA-512 */
@@ -75,6 +87,7 @@ void sha512_starts( SHA512_CTX *ctx, int is384 )
  */
 void sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen )
 {
+       SHA512_LOCK();
     ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8);
 }
 
@@ -84,6 +97,7 @@ void sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen )
 void sha512_finish( SHA512_CTX *ctx, unsigned char output[64] )
 {
     ets_sha_finish(&ctx->context, ctx->context_type, output);
+    SHA512_UNLOCK();
 }
 
 /*